Skip to main content
A man sees his private data publicly available online, prompting him to consider filing an AI lawsuit

Century Support Services Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating new claims on behalf of victims of the Century Support Services data breach. Reports suggest that the breach compromised the personal information of over 160,000 individuals. Contact our legal team to learn more about what you can do following a privacy violation and to consider taking legal action. Free consultations are available.

What Happened at Century Support Services?

Century Support Services, a Pennsylvania-based debt settlement company operating under Next Level Finance Partners, LLC, became the target of a significant data breach that was discovered on May 30, 2025. The initial cyberattack may have occurred as early as November 7, 2024, exposing a wide range of sensitive personal data, raising serious concerns about victims’ privacy and security. Data breach notifications were mailed out to affected individuals starting June 27, 2025.

Century Support Services detected suspicious activity on its computer systems in November 2024 and an investigation followed. Forensic experts concluded that cybercriminals had gained unauthorized access to the company’s network, potentially accessing or copying files containing the following information: names, dates of birth, Social Security numbers, driver’s license or state ID numbers, medical and health insurance details, passport numbers, financial account information, and digital signatures.

The company reported the incident to state authorities the Maine and Texas Attorney General’s offices on July 14, 2025, highlighting the breach’s widespread impact. No specific group has claimed responsibility for the attack yet, leaving the attack’s motive uncertain. The lack of a ransomware claim might indicate the data was stolen for resale, a common tactic that could keep victims at risk for years. The six-month delay between the initial intrusion and detection has fueled questions about the company’s cybersecurity preparedness.

This incident reflects the increasing vulnerability of financial service providers, where vast amounts of sensitive data are stored and managed. The exposure of such comprehensive personal information poses significant risks for the thousands of affected individuals, many of whom are likely debt consolidation customers. Social Security numbers and financial details are prime targets for identity theft, potentially leading to unauthorized bank account access, fraudulent loans, or tax fraud. Medical and health insurance data could enable medical identity theft, where criminals use the information to file false claims or obtain treatments under a victim’s name. The inclusion of digital signatures further complicates matters, as it could be used to forge documents or authorize transactions.

Affected individuals should act quickly to mitigate risks and can contact an experienced attorney to file a class action claim. Call our offices for a free consultation and confidential case review.